Using Big Data to Defend Against Cyber Security Threats
Some compare the challenge of responding to today's cybersecurity threats to playing an extreme version of Whac-A-Mole: where the minute one focuses on destroying one mole-like threat, other moles are already popping up.
Take Adobe: in October 2013, the company reported the theft of information on more than 2.9 million customers. Even more disturbing for the company, and potentially for others, was the theft of some of Adobe's source code, which may enable further theft of personal information and of other organizations' intellectual property.
While the theft's full damage is still unknown, the multipronged heist is another indicator that cyberattacks are doing increasing damage. In Ponemon Institute's upcoming 2013 Cost of Cyber Crime Study, the firm reports that this year's average annualized cost of cybercrime was $7.2 million per company polled, a 30 percent increase in mean value over last year. The report also says successful cyberattacks increased 20 percent over last year, with each company surveyed experiencing 1.4 successful attacks per week.
"We used to make statements, such as 'I have a firewall; I'm protected,' or 'I have antivirus software; I'm protected,'" says Todd Pedersen, a cybersecurity lead for CSC. "Now, the conversation is less about preventing an attack, threat or exposure, and more about how quickly you can detect that an attack is happening."
Big Data-guided defenses
There's a growing demand for security information and event management (SIEM) technologies and services, which collect large volumes of security event data from across an organization and analyze it to detect and manage threats. The growing number of regulations and mandates issued around the globe is also pushing the adoption of SIEM technologies and services.
"Both governments and industries are introducing more and more regulations and mandates that require the use of better data protection and security controls to help guard systems, information and individuals," says Matthew O'Brien, a global cybersecurity expert for CSC.
In the United States, the Federal Information Security Management Act, Health Insurance Portability and Accountability Act, Sarbanes-Oxley Act, and the Department of Homeland Security's Critical Infrastructure Protection guidelines, to name a few, all have requirements tied to collecting and logging information, events and activities that occur within an organization's environment — requirements that SIEM-related technologies and services help organizations meet.
For example, every second, more than 300,000 events generated by CSC and its customers run through CSC's Global Security Operations Centers.
"SIEM gives us the ability to take this massive amount of data and bring it all back to a central place, where it's combined with the other information we get from numerous security technologies," says Pedersen. "That gives us the ability to detect things that no individual technology in and of itself would have picked up, and create a picture to analyze, investigate and find security-related issues."
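As an added illustration of the cross-source correlation Pedersen describes (example code written for this edit, not CSC's tooling): three separate products each see only two failed logins from one address, so none of them would alert on its own, but once their logs are normalized into a common schema the same address is seen spraying passwords across all three and then getting in. The log lines, field layouts, hostnames, year and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs (not real data) from three separate products. Each product
# alone sees only two failed logins from 203.0.113.7, under any sensible per-device
# threshold; only the combined view shows a password spray followed by a success.
VPN_LOG = """\
2013-10-14T09:01:05Z vpn01 auth-fail user=alice src=203.0.113.7
2013-10-14T09:01:09Z vpn01 auth-fail user=bob src=203.0.113.7
2013-10-14T09:30:00Z vpn01 auth-ok user=carol src=198.51.100.20
"""
WEBMAIL_LOG = """\
203.0.113.7 - - [14/Oct/2013:09:02:11 +0000] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [14/Oct/2013:09:02:40 +0000] "POST /login HTTP/1.1" 401 512
198.51.100.20 - - [14/Oct/2013:09:05:00 +0000] "GET /inbox HTTP/1.1" 200 8812
"""
SSH_LOG = """\
Oct 14 09:03:30 srv17 sshd[2210]: Failed password for dave from 203.0.113.7 port 51022 ssh2
Oct 14 09:03:52 srv17 sshd[2210]: Failed password for erin from 203.0.113.7 port 51023 ssh2
Oct 14 09:04:10 srv17 sshd[2214]: Accepted password for erin from 203.0.113.7 port 51030 ssh2
"""
SYSLOG_YEAR = 2013  # syslog timestamps carry no year; assumed for the sample

VPN_RE = re.compile(r"^(\S+) (\S+) auth-(fail|ok) user=(\S+) src=(\S+)$")
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\w+) (\S+) [^"]*" (\d{3}) ')
SSH_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: (Failed|Accepted) "
                    r"password for (?:invalid user )?(\S+) from (\S+) port")

def event(ts, source, host, user, src, ok):
    """Common schema that every product's native format is normalized into."""
    return {"ts": ts, "source": source, "host": host, "user": user, "src": src, "ok": ok}

def parse_vpn(text):
    for line in text.splitlines():
        m = VPN_RE.match(line)
        if m:
            ts, host, outcome, user, src = m.groups()
            yield event(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "vpn", host, user, src, outcome == "ok")

def parse_webmail(text):
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if not m:
            continue
        src, ts, method, path, status = m.groups()
        if method != "POST" or path != "/login":
            continue  # only login attempts are authentication events; no username in access logs
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").replace(tzinfo=None)
        yield event(when, "webmail", "webmail", "?", src, status != "401")

def parse_ssh(text):
    for line in text.splitlines():
        m = SSH_RE.match(line)
        if m:
            ts, host, outcome, user, src = m.groups()
            when = datetime.strptime(f"{SYSLOG_YEAR} {ts}", "%Y %b %d %H:%M:%S")
            yield event(when, "ssh", host, user, src, outcome == "Accepted")

def all_events():
    return list(parse_vpn(VPN_LOG)) + list(parse_webmail(WEBMAIL_LOG)) + list(parse_ssh(SSH_LOG))

def per_device_alerts(events, threshold=3, window=timedelta(minutes=10)):
    """What each product would raise on its own: N failures from one IP in one product."""
    times = defaultdict(list)
    for e in events:
        if not e["ok"]:
            times[(e["source"], e["src"])].append(e["ts"])
    alerts = []
    for key, ts in times.items():
        ts.sort()
        if any(len([t for t in ts[i:] if t - t0 <= window]) >= threshold for i, t0 in enumerate(ts)):
            alerts.append({"source": key[0], "src": key[1]})
    return alerts

def correlate(events, window=timedelta(minutes=10), min_failures=3, min_sources=2):
    """SIEM-style rule over the merged stream: one source IP failing across several
    products inside the window, and whether a success followed (the case that matters)."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if not e["ok"]]
        for i, first in enumerate(fails):
            hits = [e for e in fails[i:] if e["ts"] - first["ts"] <= window]
            sources = {e["source"] for e in hits}
            if len(hits) < min_failures or len(sources) < min_sources:
                continue
            last = hits[-1]["ts"]
            success = next((e for e in evs if e["ok"] and first["ts"] <= e["ts"] <= last + window), None)
            alerts.append({"src": src, "failures": len(hits), "sources": sorted(sources),
                           "users": sorted({e["user"] for e in hits}),
                           "followed_by_success": success["user"] if success else None})
            break  # one alert per source IP
    return alerts

if __name__ == "__main__":
    evs = all_events()
    print("per-device alerts:", per_device_alerts(evs))   # none: each product saw only 2 failures
    for a in correlate(evs):
        print("correlated alert:", a)                       # one: 6 failures over 3 products, then success
```

The normalization step is where most of the real work in a SIEM deployment goes: the rule itself is a few lines, but it can only fire because timestamps, usernames and source addresses from three unrelated formats have been mapped into the same fields.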
New levels of awareness
This SIEM capability also has become critical as organized crime, along with some nations' armed forces and intelligence services, moves center stage in the cyberarena, launching weapons-grade cyberattacks and advanced persistent threats.
At times these threats are global; at other times, attackers aim for specific industries. Ponemon's report says, "The average annualized cost of cybercrime appears to vary by industry segment, where organizations in defense, financial services, and energy and utilities experience substantially higher cybercrime costs than organizations in retail, media and consumer products."
"SIEM helps us create an environment that allows us to use a broad range of tools, some of which we select for a specific customer environment, and yet accrue data in a common environment and use that common environment for correlation and analysis," says Pedersen.
Increasing enterprise system complexity is another driver for SIEM. Today's organizations are adding ever more endpoints, and the connections that serve them, to their systems, whether by incorporating mobile devices, the bring-your-own-device trend, expanding supply chains, or a desire to link their IT systems with their industrial control systems.
"The number of integration points with other technologies and the processes that support them today can be overwhelming," says O'Brien. "As we ask our systems to do more, they also become more vulnerable, which means we need a level of awareness that wasn't required before."
JENNY MANGELSDORF is a writer for CSC’s digital marketing team.